We are in the same boat as you and struggling to see how it can be achieved and if it is worth doing over and above just using HTTPS to transport the sensitive data.
You mention 'I learned quickly that asymmetric key pairs are (usually) used to encrypt symmetric keys and a symmetric key is used to encrypt the data.' Have you any info/references for this 'best practice'?
Did you actually end up with a viable production-quality solution?
Thanks for your time.
I don't have a best practice reference. It might have been mentioned here: schneier.com/books/applied_cryptog... but I only read about a third of that book back in 1998. If I recall, I asked a very experienced dev how it was done and he mentioned it was done that way (the guy I asked used to work on an S/MIME toolkit back in the day).
My solution worked when I tested it but it never actually shipped. The company I worked for folded (for other reasons!) before it was deployed.
Thanks for the prompt response and the great article.
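The pattern discussed in this thread (an asymmetric key pair encrypts a symmetric key, and the symmetric key encrypts the data), as an added example that is not from the article or from either commenter. It assumes Node.js and its built-in `crypto` module, with RSA-OAEP and AES-256-GCM chosen for illustration; all function names and the sample payload are constructed.

```javascript
// Added example: hybrid (envelope) encryption with Node's built-in crypto module.
const crypto = require('crypto');

// Constructed recipient key pair; a real sender would hold only the public key.
function makeRecipientKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Assumed choice for this example: OAEP padding with SHA-256 for the key wrap.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: encrypt the data under a fresh AES-256-GCM key, then wrap that key with RSA.
function seal(publicKey, plaintext) {
  const dataKey = crypto.randomBytes(32); // one-time symmetric key
  const iv = crypto.randomBytes(12);      // 96-bit GCM nonce, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey),
    iv,
    tag: cipher.getAuthTag(),
    ciphertext,
  };
}

// Recipient: unwrap the data key with the private key, then decrypt and authenticate.
function unseal(privateKey, env) {
  const dataKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, env.iv);
  decipher.setAuthTag(env.tag);
  // final() throws if the ciphertext or tag was modified in transit or at rest.
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// Returns true when an envelope with one flipped ciphertext bit is rejected.
function rejectsTampering(privateKey, env) {
  const bad = { ...env, ciphertext: Buffer.from(env.ciphertext) };
  bad.ciphertext[0] ^= 0x01;
  try { unseal(privateKey, bad); return false; } catch { return true; }
}

const keys = makeRecipientKeys();
const envelope = seal(keys.publicKey, Buffer.from('constructed sample payload'));
console.log(unseal(keys.privateKey, envelope).toString());
console.log('tampering rejected:', rejectsTampering(keys.privateKey, envelope));
```

The RSA operation only ever sees the 32-byte data key, so payload size is not limited by the RSA modulus, and the envelope stays protected after the HTTPS connection that carried it has ended.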